High common level of cybersecurity at the institutions, bodies, offices and agencies of the Union

Briefing 11-06-2024

The digital transformation is making the EU institutions and administration more vulnerable to cyber threats and incidents. Their number has surged dramatically in recent years: there were as many incidents during the first half of 2021 as in the whole of 2020, for instance. Yet an analysis of 20 Union institutions, bodies and agencies showed that their governance, preparedness, cybersecurity capability and maturity varied substantially, weakening the system. This regulation puts in place a common framework to ensure that similar cybersecurity rules and measures are applied within all Union institutions, bodies, offices and agencies, to bolster their resilience and incident-response capacities and rapidly improve the existing situation. In the European Parliament, the file was assigned to the Committee on Industry, Research and Energy (ITRE). The report was adopted unanimously in the ITRE meeting on 9 March 2023. The committee's decision to enter into interinstitutional negotiations was confirmed by the plenary on 15 March 2023. A provisional agreement was reached on 26 June 2023, and confirmed at the ITRE meeting on 18 September 2023. Parliament's plenary adopted the text on 21 November 2023, and the Council on 13 December 2023. The regulation entered into force on 7 January 2024. Fourth edition. The 'EU Legislation in Progress' briefings are updated at key stages in the legislative procedure.